#include <stdlib.h>
#include <string.h>
#include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
#undef PROG
#define PROG verify_main
-#ifndef NOPROTO
static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
static int check(X509_STORE *ctx,char *file);
-#else
-static int MS_CALLBACK cb();
-static int check();
-#endif
-
static int v_verbose=0;
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
{
int i,ret=1;
char *CApath=NULL,*CAfile=NULL;
EXIT(ret);
}
-static int check(ctx,file)
-X509_STORE *ctx;
-char *file;
+static int check(X509_STORE *ctx, char *file)
{
X509 *x=NULL;
BIO *in=NULL;
}
}
- x=PEM_read_bio_X509(in,NULL,NULL);
+ x=PEM_read_bio_X509(in,NULL,NULL,NULL);
if (x == NULL)
{
fprintf(stdout,"%s: unable to load certificate file\n",
return(ret);
}
-static int MS_CALLBACK cb(ok,ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
if (!ok)
{
- /* since we are just checking the certificates, it is
- * ok if they are self signed. */
- if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
- ok=1;
- else
- {
- X509_NAME_oneline(
+ X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,256);
- printf("%s\n",buf);
- printf("error %d at %d depth lookup:%s\n",ctx->error,
- ctx->error_depth,
- X509_verify_cert_error_string(ctx->error));
- if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
- ok=1;
- }
+ printf("%s\n",buf);
+ printf("error %d at %d depth lookup:%s\n",ctx->error,
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error));
+ if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
+ /* since we are just checking the certificates, it is
+ * ok if they are self signed. But we should still warn
+ * the user.
+ */
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
}
if (!v_verbose)
ERR_clear_error();